Pierre Gaxatte | 3 Jan 11:01 2012

Re: [Proftpd-user] TCP Window dropping to zero during upload

Hi,

I did not have any answer to my questions but I figured out what causes my problem.

An F5 BigIP happens to be on the way before the FTP server and it cuts ANY TCP connection that exceeds 1200 seconds without activity. Without it, the TCP connection would stop @ 7200 seconds I believe.

This means that it cuts the control connection. But why does proftpd drop its TCP window when the control connection is closed? (in this case it is closed by an RST packet)

Is this by design?

I didn't see anything about that in RFC959. :(

I can't modify the 1200 seconds of TCP timeout so is there any way to prevent proftpd from closing its window when the control connection is lost?

I'll try vsftpd too to see if it is acting the same way.

Thanks in advance.

Regards,
Pierre



On Fri, Dec 30, 2011 at 2:21 PM, Pierre Gaxatte <pierre.gaxatte <at> gmail.com> wrote:
Just to add a comment, I noticed, in the latest test I ran, that the client (curl) is closing the connection on port 21 @ 1206 seconds and 6 ACKs after that, the server is starting to decrease its TCP window.

Could it be related?

Thanks in advance,
Pierre


On Fri, Dec 30, 2011 at 2:06 PM, Pierre Gaxatte <pierre.gaxatte <at> gmail.com> wrote:
Hi,

I am having a weird problem with proftpd (version 1.3.1 from debian lenny and version 1.3.3 from squeeze, both on 64 bits system) when I try to upload a big file.

The upload lasts around 1200 seconds (20 minutes) and I can see in the resulting pcap capture that the TCP window is dropping to zero in a few packets at that point in time.
Then the client sends keep alive packets until it reaches its timeout.

Do you have any clue of what is going on?

The server's configuration:
ServerName                      "Precom FTP"
ServerType                      standalone
ServerIdent                     on              "FTP Server"
DeferWelcome                    on
DefaultServer                   on
DisplayLogin                    .welcome        # Textfile to display on login
DisplayConnect                  .connect        # Textfile to display on connection
UseReverseDNS                   off
IdentLookups                    off
Port                            21
Umask                           022
MaxInstances                    30
MaxClientsPerHost               5              "Only %m connections per host allowed"
MaxClients                      15             "Only %m total simultanious logins allowed"
MaxHostsPerUser                10
User                            proftpd
Group                           nogroup
Include /etc/proftpd/modules.conf
DefaultRoot                     ~
AllowOverwrite                  on
HiddenStores                    on
DeleteAbortedStores             on
ScoreboardFile                  /data/logs/proftpd/scoreboard
TimeoutNoTransfer               60
LogFormat                       default         "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth            "%v [%P] %h %t \"%r\" %s"
LogFormat                       write           "%h %l %u %t \"%r\" %s %b"
TransferLog                     /data/logs/proftpd/proftpd.xferlog
ExtendedLog                     /data/logs/proftpd/proftpd.access_log    WRITE,READ write
ExtendedLog                     /data/logs/proftpd/proftpd.auth_log      AUTH auth
ExtendedLog                     /data/logs/proftpd/proftpd.paranoid_log  ALL default
AuthOrder                       mod_sql.c
SQLAuthTypes                    Backend
SQLConnectInfo                  xxxxxx
SQLUserInfo                     usertable userid passwd uid gid homedir shell
SQLGroupInfo                    grouptable groupname gid members
SQLUserWhereClause              "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"
SQLLogFile                      /data/logs/proftpd/proftpd.mysql
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLLog RETR,STOR transfer1
SQLNamedQuery  transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery  transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat
AllowStoreRestart             off
AllowRetrieveRestart            on
RequireValidShell               off
PathDenyFilter                  "\\.ftp)|\\.ht)[a-z]+$"
DefaultRoot                     ~
DenyFilter                      \*.*/
UseSendfile off
PassivePorts 60000 65535        # These ports should be safe...
DeleteAbortedStores o

The logs don't show anything particular...
Also, it might be interesting, some kernel variables:
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_keepalive_time = 3600
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_fin_timeout = 25
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_fack = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_mem = 380544       507392  761088
net.ipv4.tcp_wmem = 4096        16384   4194304
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_frto = 2
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_abc = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_max_ssthresh = 0

Thanks in advance!

Regards,

--
Pierre Gaxatte



------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
TJ Saunders | 3 Jan 18:46 2012

Re: [Proftpd-user] TCP Window dropping to zero during upload


> Just to add a comment, I noticed, in the latest test I ran, that the client
> (curl) is closing the connection on port 21 @ 1206 seconds and 6 ACKs after
> that, the server is starting to decrease its TCP window.
> 
> Could it be related?

There were feature requests that proftpd close all data transfer 
connections once the control connection closed; see:

  http://bugs.proftpd.org/show_bug.cgi?id=3496

Perhaps this is the behavior you're encountering.  It sounds like you 
expect the upload to continue, even though the control connection has 
closed.

In order to keep your control connection from being closed during long 
uploads, e.g. closed by firewalls/routers, your client can periodically 
send the NOOP FTP command, simply to signal to the firewalls/routers that 
that connection is still alive.

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   The true science and study of man is man.

   	-Pierre Charron

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
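
The NOOP keepalive described in the reply above, as an added example that is not part of the original thread or of ProFTPD: a Python `ftplib` upload loop that writes `NOOP` on the control connection at a fixed interval while the data connection is busy. The function name, the 300-second default (chosen to stay well under the 1200-second idle cut reported in this thread) and the injectable `clock` are assumptions; servers differ in whether they answer `NOOP` during or after the transfer, so the code drains one reply per command sent.

```python
import ftplib
import time


def upload_with_noop(ftp, fileobj, remote_name, noop_interval=300.0,
                     blocksize=64 * 1024, clock=time.monotonic):
    """Upload fileobj with STOR, sending NOOP on the control connection
    whenever noop_interval seconds have passed without control traffic.

    ftp is a connected (and, on a real server, logged-in) ftplib.FTP object.
    Returns (bytes_sent, noops_sent, replies), where replies holds the
    transfer-complete reply and one reply per NOOP, in arrival order.
    """
    ftp.voidcmd("TYPE I")                          # binary mode, as storbinary() does
    bytes_sent = 0
    noops_sent = 0
    conn = ftp.transfercmd("STOR " + remote_name)  # the 150 reply is consumed here
    last_control = clock()
    try:
        while True:
            block = fileobj.read(blocksize)
            if not block:
                break
            conn.sendall(block)
            bytes_sent += len(block)
            if clock() - last_control >= noop_interval:
                # putcmd() only writes the command line; it does not wait for
                # the reply, so the data transfer is not stalled.
                ftp.putcmd("NOOP")
                noops_sent += 1
                last_control = clock()
    finally:
        conn.close()                               # EOF on the data connection ends the STOR

    # Expect one completion reply for STOR plus one reply per NOOP. getresp()
    # raises ftplib.error_temp / error_perm on a 4xx / 5xx reply.
    replies = [ftp.getresp() for _ in range(noops_sent + 1)]
    return bytes_sent, noops_sent, replies


if __name__ == "__main__":
    # Placeholder host, credentials and file names; replace before running.
    with ftplib.FTP("ftp.example.invalid") as session:
        session.login("user", "password")
        with open("bigfile.bin", "rb") as src:
            print(upload_with_noop(session, src, "bigfile.bin"))
```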


JC Putter | 9 Jan 13:19 2012

[Proftpd-user] LDAPGenerateHomedir

Hi

 

I configured proftpd on centos 5 with LDAP authentication against our Active Directory server, authentication works but I want each user to be chrooted in their own directory, as I understand this can be achieved using LDAPGenerateHomedir, LDAPGenerateHomedirPrefix

 

But I get the following when authenticating;

 

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - opening TransferLog '/var/log/xferlog'

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - Preparing to chroot to directory '/opt/ftp'

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - Environment successfully chroot()ed

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - unable to chdir to /testuser (No such file or directory), defaulting to chroot directory /

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - in dir_check_full(): path = '/', fullpath = '/'.

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap

 

Any help please!

 

Thank you

------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
JC Putter | 9 Jan 14:42 2012

Re: [Proftpd-user] LDAPGenerateHomedir

There is a more detailed log

 

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: fetching value(s) for attr SAMAccountname

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: fetching value(s) for attr uidNumber

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: no values for attribute uidNumber, trying defaults...

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: using default UID 500

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: fetching value(s) for attr gidNumber

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: no values for attribute gidNumber, trying defaults...

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: using default GID 501

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: fetching value(s) for attr homeDirectory

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: no values for attribute homeDirectory, trying defaults...

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: using default homedir /opt/ftp/jcputter

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: fetching value(s) for attr loginShell

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: no values for attribute loginShell, trying defaults...

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: user jcputter, uid 500, gid 501, homedir /opt/ftp/jcputter, shell

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - notice: unable to use '~/' [resolved to '/opt/ftp/jcputter/']: No such file or directory

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - Preparing to chroot to directory '~/'

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - Environment successfully chroot()ed

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - unable to chdir to /opt/ftp/jcputter (No such file or directory), defaulting to chroot directory /

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - jcputter chdir("/"): No such file or directory

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: successfully unbound

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: not unbinding to an already unbound connection.

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - FTP session closed.

 

 

The Defaultroot is set to ~ , proftpd correctly resolves the homedirectory for the users but says “no such file or directory”

 

The directory does have execute permissions.

 

Thanks.

 

 

From: JC Putter
Sent: 09 January 2012 02:20 PM
To: 'proftp-user <at> lists.sourceforge.net'
Subject: LDAPGenerateHomedir
Importance: High

 

Hi

 

I configured proftpd on centos 5 with LDAP authentication against our Active Directory server, authentication works but I want each user to be chrooted in their own directory, as I understand this can be achieved using LDAPGenerateHomedir, LDAPGenerateHomedirPrefix

 

But I get the following when authenticating;

 

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - opening TransferLog '/var/log/xferlog'

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - Preparing to chroot to directory '/opt/ftp'

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - Environment successfully chroot()ed

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - unable to chdir to /testuser (No such file or directory), defaulting to chroot directory /

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - in dir_check_full(): path = '/', fullpath = '/'.

192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap

 

Any help please!

 

Thank you

Roberts, David M [ITSYS] | 9 Jan 17:07 2012

[Proftpd-user] unable to connect to proftpd with IBM Z/OS tls client

I’ve recently installed proftpd with TLS enabled.  We haven’t been able to transfer a file from our Z/OS system to the new server via ftp/tls, plain ftp works.  Anyone had a similar problem?

 

Here’s my config file:

 

# Enable TLS/SSL
<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd_tls.log

    # Support both SSLv3 and TLSv1
    TLSProtocol SSLv3 TLSv1

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired off

    # Server's certificate
    TLSRSACertificateFile /etc/pki/tls/certs/filetrans2-temp.crt
    TLSRSACertificateKeyFile /etc/pki/tls/certs/filetrans2-temp_nopp.key

    # CA the server trusts
    #TLSCACertificateFile /etc/ftpd/root.cert.pem
    TLSOptions NoCertRequest

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off

    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotiations.  Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    #TLSRenegotiate none

    #DMR 12-19-11
    TLSRenegotiate required off
    TLSCipherSuite 3DES
    TLSOptions NoSessionReuseRequired EnableDiags

  </IfModule>

 

# Use pam to authenticate (default) and be authoritative

AuthPAMConfig proftpd

AuthOrder mod_auth_pam.c* mod_auth_unix.c

PersistentPasswd off

 

# Enable Passive ports

PassivePorts 9500 9699

 

TransferLog /var/log/proftpd.log

ServerLog /var/log/proftpd.log

 

 

When I start proftpd we get no errors and all the parms seem correct:

 

[root <at> filetrans2-temp ~]$ /opt/proftpd/sbin/proftpd -nd6

filetrans2-temp proftpd[11146]: using TCP receive buffer size of 87380 bytes

filetrans2-temp proftpd[11146]: using TCP send buffer size of 16384 bytes

filetrans2-temp proftpd[11146]: mod_tls/2.4.3: using OpenSSL 1.0.0-fips 29 Mar 2010

filetrans2-temp proftpd[11146]: disabling runtime support for IPv6 connections

filetrans2-temp proftpd[11146]: <IfModule>: using 'mod_tls.c' section at line 46

filetrans2-temp proftpd[11146] filetrans2-temp:

filetrans2-temp proftpd[11146] filetrans2-temp: Config for ProFTPD Default Installation:

filetrans2-temp proftpd[11146] filetrans2-temp: Limit

filetrans2-temp proftpd[11146] filetrans2-temp:  DenyAll

filetrans2-temp proftpd[11146] filetrans2-temp: DefaultServer

filetrans2-temp proftpd[11146] filetrans2-temp: Umask

filetrans2-temp proftpd[11146] filetrans2-temp: UserID

filetrans2-temp proftpd[11146] filetrans2-temp: UserName

filetrans2-temp proftpd[11146] filetrans2-temp: GroupID

filetrans2-temp proftpd[11146] filetrans2-temp: GroupName

filetrans2-temp proftpd[11146] filetrans2-temp: AllowOverwrite

filetrans2-temp proftpd[11146] filetrans2-temp: TLSEngine

filetrans2-temp proftpd[11146] filetrans2-temp: TLSLog

filetrans2-temp proftpd[11146] filetrans2-temp: TLSRequired

filetrans2-temp proftpd[11146] filetrans2-temp: TLSRSACertificateFile

filetrans2-temp proftpd[11146] filetrans2-temp: TLSRSACertificateKeyFile

filetrans2-temp proftpd[11146] filetrans2-temp: TLSOptions

filetrans2-temp proftpd[11146] filetrans2-temp: TLSVerifyClient

filetrans2-temp proftpd[11146] filetrans2-temp: TLSRenegotiate

filetrans2-temp proftpd[11146] filetrans2-temp: TLSCipherSuite

filetrans2-temp proftpd[11146] filetrans2-temp: TLSOptions

filetrans2-temp proftpd[11146] filetrans2-temp: AuthPAMConfig

filetrans2-temp proftpd[11146] filetrans2-temp: AuthOrder

filetrans2-temp proftpd[11146] filetrans2-temp: PassivePorts

filetrans2-temp proftpd[11146] filetrans2-temp: TransferLog

filetrans2-temp proftpd[11146] filetrans2-temp: ServerLog

filetrans2-temp proftpd[11146] filetrans2-temp: mod_tls/2.4.3: passphrase locked into memory

filetrans2-temp proftpd[11146] filetrans2-temp: ProFTPD 1.3.4rc3 (devel) (built Fri Dec 16 2011 14:19:58 CST) standalone mode STARTUP

 

 

proftpd log when I connect and attempt to transfer a file from the Z/OS system

 

[root <at> filetrans2-temp log]$ tail proftpd_tls.log

Dec 20 10:33:42 mod_tls/2.4.3[20805]: client reused SSL session for data connection
Dec 20 10:33:42 mod_tls/2.4.3[20805]: TLSv1/SSLv3 data connection accepted, using cipher EDH-RSA-DES-CBC3-SHA (168 bits)
Jan 09 09:21:05 mod_tls/2.4.3[11147]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jan 09 09:21:06 mod_tls/2.4.3[11147]: TLS/TLS-C requested, starting TLS handshake
Jan 09 09:21:06 mod_tls/2.4.3[11147]: TLSv1/SSLv3 connection accepted, using cipher DES-CBC3-SHA (168 bits)
Jan 09 09:21:06 mod_tls/2.4.3[11147]: Protection set to Private
Jan 09 09:21:06 mod_tls/2.4.3[11147]: starting TLS negotiation on data connection
Jan 09 09:21:06 mod_tls/2.4.3[11147]: TLSv1/SSLv3 renegotiation accepted, using cipher DES-CBC3-SHA (168 bits)
Jan 09 09:21:06 mod_tls/2.4.3[11147]: client did not reuse SSL session, rejecting data connection (see the NoSessionReuseRequired TLSOptions parameter)
Jan 09 09:21:06 mod_tls/2.4.3[11147]: unable to open data connection: TLS negotiation failed

 

 

Messages from my Z/OS client:

 

EZA1736I FTP (EXIT=08                                                          

EZY2640I Using dd:SYSFTPD= for local site configuration parameters.            

EZA1450I IBM FTP CS V1R11                                                      

EZA1772I FTP: EXIT has been set.                                               

EZA1456I Connect to ?                                                          

EZA1736I filetrans2-temp                                       

EZA1554I Connecting to: filetrans2-temp. 999.999.999.999 port: 21

220 ProFTPD 1.3.4rc3 Server (ProFTPD Default Installation)  999.999.999.999    

EZA1701I >>> AUTH TLS                                                          

234 AUTH TLS successful                                                        

EZA2895I Authentication negotiation succeeded                                  

EZA1701I >>> PBSZ 0                                                            

200 PBSZ 0 successful                                                           

EZA1701I >>> PROT P                                                            

200 Protection set to Private                                                  

EZA2906I Data connection protection is private                                 

EZA1459I NAME (filetrans2-temp:DMROBER):                       

EZA1701I >>> USER testusr1                                                     

331 Password required for testusr1                                              

EZA1789I PASSWORD:                                                             

EZA1701I >>> PASS                                                  

230 User testusr1 logged in                                        

EZA1460I Command:                                                  

EZA1736I pwd                                                       

EZA1701I >>> PWD                                                   

257 "/dataxfer/ftpusers/testusr1" is the current directory         

EZA1460I Command:                                                  

EZA1736I cd /dataxfer/ftpusers/testusr1/upload                     

EZA1701I >>> CWD /dataxfer/ftpusers/testusr1/upload                

250 CWD command successful                                          

EZA1460I Command:                                                  

EZA1736I pwd                                                       

EZA1701I >>> PWD                                                   

257 "/dataxfer/ftpusers/testusr1/upload" is the current directory  

EZA1460I Command:                                                  

EZA1736I ascii                                                     

EZA1701I >>> TYPE A                                                

200 Type set to A                                                  

EZA1460I Command:                                                  

EZA1736I put 'ADP052.TEST.FT19993.V01' samptest.txt                

EZA1701I >>> SITE FIXrecfm 80 LRECL=80 RECFM=FB BLKSIZE=8880   

500 'SITE FIXRECFM' not understood                             

EZA1701I >>> PASV                                              

227 Entering Passive Mode (999.999.999.999,37,221).            

EZA1701I >>> STOR samptest.txt                                 

150 Opening ASCII mode data connection for samptest.txt        

425 Unable to build data connection: Operation not permitted   

EZA1735I Std Return Code = 27425, Error Code = 00002           

EZA1701I >>> QUIT                                              

221 Goodbye.                                                   

 

TIA,

Dave

 

 

David M. Roberts

Iowa State University

Information Technology Services

dmrober <at> iastate.edu

515-294-0288

 

TJ Saunders | 9 Jan 18:52 2012

Re: [Proftpd-user] unable to connect to proftpd with IBM Z/OS tls client


>     TLSOptions NoCertRequest

Only the *first* TLSOptions directive in the config is used; this is 
mentioned in the mod_tls documentation:

  http://www.proftpd.org/docs/contrib/mod_tls.html#TLSOptions

Because of this, mod_tls is NOT seeing the TLSOptions you define later in 
the config file.

Try putting all of your TLSOptions on the same line.

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Time present and time past
   Are both perhaps present in time future,
   And time future contained in time past.

     -T.S. Eliot

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
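
A check for the situation described in the reply above, as an added example that is not ProFTPD's or the thread authors' code: a small Python linter that finds a directive such as `TLSOptions` given more than once in the same server context, reports which occurrence takes effect and which are ignored, and prints the merged single line. The sample config is abridged from the one posted in this thread; treating `<VirtualHost>` and `<Global>` as separate contexts and `<IfModule>` as transparent is an assumption of this example.

```python
import re

# Sections that open a separate server context (assumption of this example).
# <IfModule> and other conditional wrappers are treated as transparent.
_OPEN = re.compile(r"^<\s*(VirtualHost|Global)\b[^>]*>", re.IGNORECASE)
_CLOSE = re.compile(r"^</\s*(VirtualHost|Global)\s*>", re.IGNORECASE)

# Abridged from the configuration posted in the thread.
SAMPLE_CONFIG = """\
<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol SSLv3 TLSv1
    TLSRequired off
    #TLSCACertificateFile /etc/ftpd/root.cert.pem
    TLSOptions NoCertRequest
    TLSVerifyClient off
    TLSRenegotiate required off
    TLSCipherSuite 3DES
    TLSOptions NoSessionReuseRequired EnableDiags
</IfModule>
"""


def find_repeated_directive(config_text, directive="TLSOptions"):
    """Return one finding per context in which `directive` appears more than once.

    Each finding has: context, effective (lineno, args) for the first
    occurrence, ignored [(lineno, args), ...] for the rest, and suggested,
    a single merged directive line.
    """
    stack = ["main"]          # current nesting of server contexts
    seen = {}                 # context name -> [(lineno, [args])]
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue          # blank line or commented-out directive
        opened = _OPEN.match(line)
        if opened:
            stack.append("%s@line%d" % (opened.group(1), lineno))
            continue
        if _CLOSE.match(line):
            if len(stack) > 1:
                stack.pop()
            continue
        tokens = line.split()
        if tokens[0].lower() != directive.lower():
            continue
        args = []
        for tok in tokens[1:]:
            if tok.startswith("#"):   # trailing comment on the directive line
                break
            args.append(tok)
        seen.setdefault(stack[-1], []).append((lineno, args))

    findings = []
    for context, hits in seen.items():
        if len(hits) < 2:
            continue
        merged = []
        for _, args in hits:
            for arg in args:
                if arg not in merged:
                    merged.append(arg)
        findings.append({
            "context": context,
            "effective": hits[0],
            "ignored": hits[1:],
            "suggested": "%s %s" % (directive, " ".join(merged)),
        })
    return findings


if __name__ == "__main__":
    for finding in find_repeated_directive(SAMPLE_CONFIG):
        lineno, args = finding["effective"]
        print("context %s: line %d takes effect (%s)"
              % (finding["context"], lineno, " ".join(args)))
        for lineno, args in finding["ignored"]:
            print("  line %d is ignored (%s)" % (lineno, " ".join(args)))
        print("  use instead: %s" % finding["suggested"])
```

On the sample, the ignored line is the one carrying `NoSessionReuseRequired`, which matches the "client did not reuse SSL session, rejecting data connection" entry in the posted `proftpd_tls.log`.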


John Morrissey | 10 Jan 15:15 2012

Re: [Proftpd-user] LDAPGenerateHomedir

On Mon, Jan 09, 2012 at 01:42:20PM +0000, JC Putter wrote:
> 192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - mod_ldap/2.8.22: user jcputter, uid 500, gid 501, homedir /opt/ftp/jcputter, shell
> 192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - notice: unable to use '~/' [resolved to '/opt/ftp/jcputter/']: No such file or directory
[snip]
> The Defaultroot is set to ~ , proftpd correctly resolves the homedirectory
> for the users but says "no such file or directory"
> 
> The directory does have execute permissions.

AFAIR, the intermediate directories (/, /opt, and /opt/ftp) will also need
the execute bit set. Is that the case?

john
--

-- 
John Morrissey          _o            /\         ----  __o
jwm <at> horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__
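
One way to run the check asked about in the reply above, as an added example that is not part of the thread or of ProFTPD: a Python helper that walks a path one component at a time and reports, for a given uid and set of gids, every directory that lacks the execute (search) bit, and separately the first component that does not exist. The function names are hypothetical; only classic mode bits are evaluated, so ACLs and mandatory access control policies are outside what it can see.

```python
import os
import stat


def _can_search(st, uid, gids):
    """Apply the classic owner/group/other rule for directory search permission."""
    if uid == 0:
        return True                       # root bypasses search permission checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def traversal_problems(path, uid, gids):
    """Return [(component, problem), ...] for every prefix of `path` that
    would stop a process running as uid/gids from reaching it.

    problem is one of: "missing", "cannot stat", "not a directory",
    "no execute bit". The walk stops at the first component that is
    missing, cannot be inspected, or is not a directory.
    """
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    prefixes = [os.sep] + [os.sep + os.sep.join(parts[:i + 1])
                           for i in range(len(parts))]
    problems = []
    for prefix in prefixes:
        try:
            st = os.stat(prefix)
        except FileNotFoundError:
            # ENOENT, the error string seen in the posted log, means the
            # component does not exist rather than that access was denied.
            problems.append((prefix, "missing"))
            break
        except PermissionError:
            # The account running this script cannot inspect further.
            problems.append((prefix, "cannot stat"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((prefix, "not a directory"))
            break
        if not _can_search(st, uid, gids):
            problems.append((prefix, "no execute bit"))
    return problems


if __name__ == "__main__":
    # uid 500, gid 501 and the home directory are the values from the posted log.
    for component, problem in traversal_problems("/opt/ftp/jcputter", 500, {501}):
        print("%-24s %s" % (component, problem))
```

Run it as root or as an account that can stat every component, otherwise the walk ends at the first "cannot stat".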


JC Putter | 10 Jan 15:19 2012

Re: [Proftpd-user] LDAPGenerateHomedir

Yes both these directories have execute permissions

-----Original Message-----
From: John Morrissey [mailto:jwm <at> horde.net] 
Sent: 10 January 2012 04:16 PM
To: proftp-user <at> lists.sourceforge.net
Subject: Re: [Proftpd-user] LDAPGenerateHomedir

On Mon, Jan 09, 2012 at 01:42:20PM +0000, JC Putter wrote:
> 192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - 
> mod_ldap/2.8.22: user jcputter, uid 500, gid 501, homedir 
> /opt/ftp/jcputter, shell
> 192.168.0.8 (::ffff:192.168.0.33[::ffff:192.168.0.33]) - notice: 
> unable to use '~/' [resolved to '/opt/ftp/jcputter/']: No such file or 
> directory
[snip]
> The Defaultroot is set to ~ , proftpd correctly resolves the 
> homedirectory for the users but says "no such file or directory"
> 
> The directory does have execute permissions.

AFAIR, the intermediate directories (/, /opt, and /opt/ftp) will also need the execute bit set. Is that the case?

john
-- 
John Morrissey          _o            /\         ----  __o
jwm <at> horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__


John Morrissey | 10 Jan 22:42 2012

Re: [Proftpd-user] LDAPGenerateHomedir

On Tue, Jan 10, 2012 at 02:19:06PM +0000, JC Putter wrote:
> Yes both these directories have execute permissions

Can you post your complete ProFTPD configuration?

john
--

-- 
John Morrissey          _o            /\         ----  __o
jwm <at> horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__


Hajo Locke | 11 Jan 08:41 2012

[Proftpd-user] issue with AllowOverwrite and symlinks

proftpd-1.3.3g

Hello List,

Yesterday I had an interesting issue with AllowOverwrite.
Folder structure is:
/www/htdocs/username/  <- this is the home of the user.
The user created subfolders in his home: folder1/folder2
Also there was a symlink in his home called www and linked to folder1

Significant part of my config should be:

DefaultRoot ~
<Directory ~/*>
        AllowOverwrite                on
        AllowRetrieveRestart          on
        AllowStoreRestart             on
</Directory>

The user logged in and tried to overwrite a file in /www/htdocs/username/folder1/folder2 which was denied with 550 - Overwrite permission denied.
There was no other included conf or something which could explain this problem.
At last I removed the symlink www, had to restart the server and now I could overwrite the index.htm the general way how it should be.
I can reproduce this behaviour by creating/deleting symlink and restarting server.
But how to explain this? The symlink was existent but not used for changing folders. Additionally the symlink did not link outside user's home, just to another folder in same directory level.
Is this an expected behaviour?

Thanks,
Hajo 
